Cyber security projects: Adapting to a changing threat landscape

As cyber threats become more sophisticated and the regulatory landscape more demanding, organisations are under pressure to embed security into every aspect of their operations. For project professionals, this shift presents both a challenge and an opportunity.

“We’ve seen first-hand how project delivery is evolving to meet the demands of a rapidly changing threat environment,” says Dave Mockler (pictured), Senior Project Manager at Bridewell, a UK-based cyber security company supporting Critical National Infrastructure and complex transformation programmes. “The cyber threat landscape is becoming increasingly complex.”

According to UK government data, over 40% of businesses and nearly a third of charities reported cyber breaches in the past year. The National Cyber Security Centre’s recent review highlights that the UK continues to face an increasingly sophisticated cyber threat environment, with attacks growing in scale and complexity. In a digital-first world, the impact of these attacks can be severe—often with recovery costs and reputational damage far exceeding the initial breach.

This threat has been underscored by the recent wave of highly publicised cyber incidents affecting major UK retailers and service providers. These attacks—many of which involved ransomware—have led to prolonged online service outages, disruption to supply chains, and the theft of customer data including names, contact details, and order histories. In some cases, organisations were forced to take systems offline for weeks, suspend online orders, and issue widespread customer alerts about potential phishing attempts.

This threat has placed new demands on the project profession. Project delivery teams are now expected to navigate not only technical complexity but also regulatory pressure, stakeholder scrutiny, and evolving risk profiles. As a result, the profession is shifting—moving away from rigid methodologies toward agile and hybrid approaches that support faster, more adaptive delivery.

The types of projects emerging in this space are diverse and strategically significant. These include:

• Data Loss Prevention - Projects focused on identifying and classifying sensitive data, enforcing handling policies, and monitoring data movement to prevent breaches. These initiatives are often complex, requiring coordination across IT, legal, compliance, and people teams.
• Supply Chain Risk Management - With 65% of breaches now linked to third-party suppliers according to Verizon, organisations are prioritising the security of their extended ecosystems. Projects in this area involve vendor risk assessments, security audits, and the development of onboarding/offboarding protocols.
• Security Operations and Incident Management - These projects focus on bringing together telemetry data and threat intelligence to enable real-time decision-making and provide insights for board-level reporting. They involve integrating multiple tools and platforms, which requires strong governance, effective coordination, and robust change management.
• Behavioural Change and Culture - Embedding security awareness into daily operations, using behavioural insights to reduce insider risk. These projects may include awareness campaigns, training programmes, and the deployment of behavioural nudges to influence user actions.

Each of these projects requires a blend of technical expertise, strategic thinking, and stakeholder engagement—making the role of the project manager more critical than ever.

Dave Mockler, continues: “There is a growing emphasis on cross-functional collaboration, with cyber security specialists working alongside project managers, developers, architects, engineers and business analysts. This integrated approach is essential for ensuring that security is considered from the outset, rather than bolted on at the end.”

Preparing Project Managers for the Future

To lead effectively in this evolving environment, those responsbile for projects must broaden their skill sets to include:

• Cyber security awareness - Understanding the fundamentals of cyber threats, risk management, and basic controls is essential. Free and accessible training options include the Level 2 Certificate in Principles of Cyber Security, a UK-accredited course ideal for beginners, and the globally recognised ISC2 Certified in Cybersecurity, which is well-suited for project managers looking to validate their knowledge and progress towards more advanced roles.
• Strategic alignment - Project managers must be able to translate technical risks into business language and align security initiatives with organisational goals. This requires strong communication skills and a deep understanding of stakeholder priorities.
• Flexible delivery approaches - As more cyber projects require adaptability and responsiveness, familiarity with iterative and flexible project delivery methods is increasingly valuable. These approaches support continuous improvement and allow teams to respond quickly to emerging threats.
• Collaboration and leadership - Cyber security projects involve diverse teams with different priorities. Project managers must be able to encourage collaboration, resolve conflicts, and keep everyone aligned on outcomes.
• Continuous learning - The threat landscape is constantly evolving. Project managers should stay informed through industry publications, webinars, and professional networks.

Project managers and leaders who invest in these areas are better equipped to lead successful cyber initiatives. They’re not just delivering projects—they’re enabling resilience.

As cyber threats continue to grow in scale and sophistication, the project profession's role is demonstrating its strategic importance. From securing supply chains to shaping security culture, project professionals are at the forefront of the fight against cyber risk.

Dave Mockler concludes: “By embracing new methodologies, deepening their cyber knowledge, and encouraging cross-functional collaboration, project managers can help organisations stay secure, compliant, and competitive in a digital world.”

Need Support?

If your organisation is navigating cyber challenges or looking to strengthen its security posture, speak with Bridewell’s experts.